Prolific

Prolific is a platform that enables researchers to quickly find trustworthy research participants. With a pool of over 120,000 active and verified participants, Prolific ensures high-quality responses through continuous monitoring and engagement. The p...

Professional Services
51-250
Founded 1997
$0M raised

Description

  • Own and evolve Prolific’s application security strategy end to end.
  • Define and drive the Secure Software Development Lifecycle (SSDLC) across engineering.
  • Serve as the most senior security engineering voice in the organisation.
  • Conduct hands-on code review, threat modelling, and security testing when needed.
  • Partner with engineering leadership to balance security risk and delivery velocity.
  • Build the tooling, processes, and security culture needed to embed security into product development.
  • Manage and mentor the Senior Application Security Engineer.
  • Own vulnerability management and lead high-impact security reviews.
  • Work cross-functionally with product engineering, platform, data, TechOps, and legal teams.
  • Continue to own the compliance programme alongside application security responsibilities.

Requirements

  • Several years of experience in software engineering and building production systems at scale.
  • Several years of experience in application security, including testing, code review, threat modelling, and vulnerability management.
  • Expert knowledge of the OWASP Top 10 for web and API security.
  • Strong understanding of modern attack paths, including authentication flaws, SSRF, injection, business logic issues, and supply chain risk.
  • Strong understanding of modern architectures such as microservices, APIs, and event-driven systems.
  • Python experience for security tooling and automation; Django is a strong plus.
  • Hands-on testing experience with tools such as Burp Suite and manual assessment of apps and APIs.
  • Experience building and scaling SSDLCs, including CI/CD security tooling such as SAST, SCA, DAST, and secrets scanning.
  • Experience leading threat modelling and security design reviews.
  • Experience with ISO 27001 and/or SOC 2, with the ability to translate controls into engineering practices.
  • Strong engineering partnership skills and clear communication with technical and non-technical audiences.
  • Preferred: experience mentoring or managing security engineers.
  • Preferred: experience with Django, Vue.js, MongoDB, and GCP.
  • Preferred: experience with security champions or bug bounty programmes.
  • Preferred: experience with supply chain or infrastructure security, including Terraform and Kubernetes.
  • Preferred: hands-on certifications such as OSCP, GWAPT, BSCP, or CISSP.
  • Preferred: experience building application security in a scaling company.

Benefits

  • Competitive salary.
  • Benefits package.
  • Remote working.
  • Mission-driven culture.
  • Access to a unique human data platform and opportunities for groundbreaking research.
